
United States Patent and Trademark Office

UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/654,587
FILING DATE: 09/01/2000
FIRST NAMED INVENTOR: Kar-Wing Edward Lor
ATTORNEY DOCKET NO.: PI 08339-09045
CONFIRMATION NO.: 7189

32294 7590 07/19/2004
SQUIRE, SANDERS & DEMPSEY L.L.P.
14TH FLOOR
8000 TOWERS CRESCENT
TYSONS CORNER, VA 22182

EXAMINER: LEE, TIMOTHY L
ART UNIT: 2662
PAPER NUMBER: 7
DATE MAILED: 07/19/2004

Please find below and/or attached an Office communication concerning this application or proceeding.

PTO-90C (Rev. 10/03)



Office Action Summary

Application No.: 09/654,587
Applicant(s): LOR ET AL
Examiner: Timothy Lee
Art Unit: 2662

- The MAILING DATE of this communication appears on the cover sheet with the correspondence address

Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.
- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.
- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status

1) [X] Responsive to communication(s) filed on 23 April 2004.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 7-9 and 11-33 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 8, 9, 11-20, 27-29 and 31-33 is/are rejected.
7) [X] Claim(s) 7, 21-26 and 30 is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. .
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

Claim Rejections - 35 USC § 103

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 8, 9, 11, 13, 14, 15, 16, 17, 18, 19, 20, 27, 28, and 29 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Baum et al. (US 6,400,707) in view of Curry et 
al. (US 6,233,234). 

3. Regarding claims 11, 13, 14, 15 and 20, Baum et al. discloses a method and a 
system for managing security in communication sessions across networks. The operation 
of the system in establishing a call connection may be described as follows: The actual 
call set up signaling flow starts at the point where the user has established IP layer 
connectivity with the network, and has invoked the voice over Internet software 
application (VOIP packets). See col 4, lines 15-20. Referring to Fig. 3, there is shown a 
detailed description of a firewall mechanism according to the invention. See col. 5, lines 
24-26. The static firewall acts as a rule based packet filter. However, according to the 
invention the rules are automatically and dynamically set. The security is applied to each 
port on the fly to provide extremely fast operation (filtering all packets associated with 
the dynamically negotiated VOIP port). See col. 5, line 61-col. 6, line 8. In setting up a 
call, the PC application notes an address and sends a Q.391 message to set up a 
conversation. The Q.391 message reaches the static firewall 340, which checks the
message to confirm that it is a valid Q.391 stream (filtering packets received in a network
switch to trap at least one VOIP call setup message). See col. 6, lines 51-62. The 
gateway 324 consults its authorization database, notes that it has a valid customer and 
sends a negotiation message back to the PC 326. The message contains the proposal of 
the gateway for a codec and port. The control processor reads and analyzes the replicated 
message, notes the codec and port, and notes that the gateway has authorized the call 
(determining a dynamically negotiated VOIP port). See col. 7, lines 25-41. The control 
processor now generates a set of security specifications, compiles a filter configuration 
message, and sends this to the filter or firewall (generating a filter). The firewall filter 
now monitors every packet that follows for strict conformance with the filter 
requirements (taking predefined filtering actions upon the subsequent packets). See col. 
7, lines 41-52. It is inherent that the generated filter will be stored for at least the 
duration of the conversation, but Baum et al. does not expressly disclose storing the 
generated filter specifically in a filter table. Curry et al. discloses storing filters in filter 
tables, where filtering may occur at various levels of addressing. See col. 5, line 64-col. 
6, line 14. It would have been obvious to store the generated filter from Baum et al. in a 
filter table as disclosed by Curry et al. One would have been motivated to do this
because a table can be easy to search, which would lead to quicker switching times. 
Also, with regard to claim 14, a firewall inherently drops packets that don't fit the filter 
rules (dropping the filtered packet). 
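
The sequence described in paragraph 3, sketched in Python as an added example (not code from Baum et al., Curry et al. or the application): a call setup message is trapped, the negotiated port and codec are read from the gateway's reply, a filter is stored in a table, and later packets are forwarded only if they match it. The Packet fields, message labels, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    kind: str                     # "setup", "negotiate" or "media" (constructed labels)
    body: dict = field(default_factory=dict)

class DynamicFirewall:
    def __init__(self, gateway, signalling_port):
        self.gateway, self.signalling_port = gateway, signalling_port
        self.pending = set()      # callers whose call setup message was trapped
        self.filter_table = {}    # (caller, gateway, port) -> negotiated codec

    def handle(self, p):
        if p.kind == "setup":     # static filter: validate and trap call setup
            ok = (p.dst == self.gateway and p.dport == self.signalling_port
                  and "callee" in p.body)
            if ok:
                self.pending.add(p.src)
            return "forward" if ok else "drop"
        if p.kind == "negotiate": # control processor reads the gateway's reply
            ok = (p.src == self.gateway and p.dst in self.pending
                  and p.body.get("authorized") is True
                  and {"port", "codec"} <= p.body.keys())
            if ok:                # generate the filter and store it in the table
                key = (p.dst, self.gateway, p.body["port"])
                self.filter_table[key] = p.body["codec"]
                self.pending.discard(p.dst)
            return "forward" if ok else "drop"
        # media: strict conformance with the stored filter, otherwise drop
        codec = self.filter_table.get((p.src, p.dst, p.dport))
        return "forward" if codec is not None and p.body.get("codec") == codec else "drop"

def demo():
    pc, gw = "10.0.0.5", "192.0.2.10"   # constructed addresses
    fw = DynamicFirewall(gateway=gw, signalling_port=1720)
    reply = {"authorized": True, "port": 40000, "codec": "G.711"}
    packets = [
        Packet(pc, gw, 40000, "media", {"codec": "G.711"}),          # before negotiation
        Packet(pc, gw, 1720, "setup", {"callee": "555-0100"}),
        Packet(gw, pc, 1720, "negotiate", reply),
        Packet(pc, gw, 40000, "media", {"codec": "G.711"}),          # conforms
        Packet(pc, gw, 40002, "media", {"codec": "G.711"}),          # wrong port
        Packet("10.0.0.9", gw, 40000, "media", {"codec": "G.711"}),  # wrong sender
    ]
    return [fw.handle(p) for p in packets], fw.filter_table
```
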

4. Regarding claim 11 more specifically, as mentioned previously, Baum et al.
discloses that the firewall filter monitors every packet according to the specifications sent
to it by the control processor (a filtering step by a fast filtering processor).

5. Regarding claim 8, as mentioned previously, Baum et al. discloses that the
message contains the proposal of the gateway for a codec and port. The control processor 
then reads and analyzes the message and notes the codec and port. 

6. Regarding claims 16 and 17, as mentioned previously, Baum et al. discloses that 
the firewall filter knows the port from specification messages that it receives from the 
control processor (storing the port). The firewall filter then monitors the packets to make 
sure they are in compliance with the rules (filtering all packets; classifying filtered
packets in accordance with the filtering actions).

7. Regarding claim 27, as mentioned previously, it would have been obvious to store 
the firewall filter rules from Baum et al. in table memory as disclosed by Curry et al.
One would have been motivated to do so for the reasons expressed above. 

8. Regarding claim 29, Baum et al. discloses that the customer boots to the PC to
begin the process of establishing a call. The PC, in turn, talks to the processor when it
sends out a request to make a call.

9. Regarding claim 19, a firewall inherently drops packets that don't fit the filter 
rules (dropping the filtered packet). 

10. Regarding claim 9, neither Baum et al. nor Curry et al. expressly discloses 
determining an RTP port. However, it would have been obvious to negotiate for an RTP 
port in the combined system of Baum et al. and Curry et al. when the step of negotiating 
for ports occurs. One would have been motivated to do this because RTP provides
real-time transport, which makes it ideal for voice traffic which needs to be in real-time in
order for there to be a coherent conversation.

11. Regarding claim 18, neither Baum et al. nor Curry et al. expressly discloses
where one of the filtering actions includes changing the priority of the packet to reduce
network transmission delay for the packet. However, it would have been obvious to
include this as one of the filter rules in the firewall filter of the combined system of Baum
et al. and Curry et al. One would have been motivated to do this because this would
allow the most voice traffic to pass through and allow conversations to be smoother.
Also, Baum et al. says that the filter provides full time filtering on a very specific set
of specifications or rules which are customized for each communication path and set in 
the firewall in virtual real time. By being able to change these rules dynamically, the 
system of Baum et al. has the capability of letting certain packets through on certain 
ports, thereby giving priority to certain packets when needed. 

12. Regarding claim 28, neither Baum et al. nor Curry et al. expressly discloses 
having both an internal memory and an external memory. However, it would have been 
obvious to have both an internal and external memory. One would have been motivated 
to do this because having both allows for a backup in case one of the memories is to fail. 

13. Claims 12, 31, and 32 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Baum et al. in view of Curry et al., further in view of Klein et al. (US 6,085,328). 
Neither Baum et al. nor Curry et al. expressly discloses using filter masks on the 
information and comparing the information in the packet to a table. Klein et al. discloses 
selecting a mask and a hash function to calculate from that mask. This process is shown 
in Fig. 4. See also col. 5, line 66-col. 6, line 28. The 16-bit result of the hash function
calculation is then compared with at least one desired 16 bit value. See col. 7, lines 43-48.
These values are inherently kept in a table in memory. It would have been obvious
to a person of ordinary skill in the art at the time of the invention to apply these filtering
and comparing steps from Klein et al. in the system of Baum et al. One would have been
motivated to do this because filter masking and hashing allow the system to use less 
power when connected to the network. Also, the techniques of hashing and filter 
masking are commonly used when extracting information from a packet and comparing it 
to what already exists in a table. 

Allowable Subject Matter 

14. Claims 7, 21-26, and 30 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Response to Arguments 

15. Applicant's arguments with respect to claims 7-9 and 11-33 have been considered
but are moot in view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Timothy Lee whose telephone number is (703)305-7349. 
The examiner can normally be reached on M-F, 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hassan Kizou can be reached on (703)305-4744. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Timothy Lee 
July 7, 2004 



TLL 



HASSAN KIZOU
SUPERVISORY PATENT EXAMINER 